<p>Trilium supports configuration via a file named <code>config.ini</code> and
  environment variables. This document provides a comprehensive reference
  for all configuration options.</p>
<h2>Location of the configuration file</h2>
<p>The configuration file is not located in the same directory as the application.
  Instead, the <code>config.ini</code> is located in the&nbsp;<a class="reference-link"
  href="#root/_help_tAassRL4RSQL">Data directory</a>. As such, the configuration
  file is only available after starting the application and creating a database.</p>
<h2>Configuration Precedence</h2>
<p>Configuration values are loaded in the following order of precedence (highest
  to lowest):</p>
<ol>
  <li><strong>Environment variables</strong> (checked first)</li>
  <li><strong>config.ini file values</strong>
  </li>
  <li><strong>Default values</strong>
  </li>
</ol>
<h2>Environment Variable Patterns</h2>
<p>Trilium supports multiple environment variable patterns for flexibility.
  The primary pattern is: <code>TRILIUM_[SECTION]_[KEY]</code>
</p>
<p>Where:</p>
<ul>
  <li><code>SECTION</code> is the INI section name in UPPERCASE</li>
  <li><code>KEY</code> is the camelCase configuration key converted to UPPERCASE
    (e.g., <code>instanceName</code> → <code>INSTANCENAME</code>)</li>
</ul>
<p>Additionally, shorter aliases are available for common configurations
  (see Alternative Variables section below).</p>
<h2>Environment Variable Reference</h2>
<h3>General Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_GENERAL_INSTANCENAME</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>Instance name for API identification</td>
    </tr>
    <tr>
      <td><code>TRILIUM_GENERAL_NOAUTHENTICATION</code>
      </td>
      <td>boolean</td>
      <td>false</td>
      <td>Disable authentication (server only)</td>
    </tr>
    <tr>
      <td><code>TRILIUM_GENERAL_NOBACKUP</code>
      </td>
      <td>boolean</td>
      <td>false</td>
      <td>Disable automatic backups</td>
    </tr>
    <tr>
      <td><code>TRILIUM_GENERAL_NODESKTOPICON</code>
      </td>
      <td>boolean</td>
      <td>false</td>
      <td>Disable desktop icon creation</td>
    </tr>
    <tr>
      <td><code>TRILIUM_GENERAL_READONLY</code>
      </td>
      <td>boolean</td>
      <td>false</td>
      <td>Enable read-only mode</td>
    </tr>
  </tbody>
</table>

<h3>Network Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_NETWORK_HOST</code>
      </td>
      <td>string</td>
      <td>"0.0.0.0"</td>
      <td>Server host binding</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_PORT</code>
      </td>
      <td>string</td>
      <td>"3000"</td>
      <td>Server port</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_HTTPS</code>
      </td>
      <td>boolean</td>
      <td>false</td>
      <td>Enable HTTPS</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_CERTPATH</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>SSL certificate path</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_KEYPATH</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>SSL key path</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_TRUSTEDREVERSEPROXY</code>
      </td>
      <td>boolean/string</td>
      <td>false</td>
      <td>Reverse proxy trust settings</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>CORS allowed origins</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>CORS allowed methods</td>
    </tr>
    <tr>
      <td><code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>CORS allowed headers</td>
    </tr>
  </tbody>
</table>

<h3>Session Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_SESSION_COOKIEMAXAGE</code>
      </td>
      <td>integer</td>
      <td>1814400</td>
      <td>Session cookie max age in seconds (21 days)</td>
    </tr>
  </tbody>
</table>

<h3>Sync Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_SYNC_SYNCSERVERHOST</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>Sync server host URL</td>
    </tr>
    <tr>
      <td><code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>
      </td>
      <td>string</td>
      <td>"120000"</td>
      <td>Sync server timeout in milliseconds</td>
    </tr>
    <tr>
      <td><code>TRILIUM_SYNC_SYNCPROXY</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>Sync proxy URL</td>
    </tr>
  </tbody>
</table>

<h3>MultiFactorAuthentication Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>OAuth/OpenID base URL</td>
    </tr>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>OAuth client ID</td>
    </tr>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>OAuth client secret</td>
    </tr>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>
      </td>
      <td>string</td>
      <td>"<a href="https://accounts.google.com">https://accounts.google.com</a>"</td>
      <td>OAuth issuer base URL</td>
    </tr>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>
      </td>
      <td>string</td>
      <td>"Google"</td>
      <td>OAuth issuer display name</td>
    </tr>
    <tr>
      <td><code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>
      </td>
      <td>string</td>
      <td>""</td>
      <td>OAuth issuer icon URL</td>
    </tr>
  </tbody>
</table>

<h3>Logging Section</h3>
<table>
  <thead>
    <tr>
      <th>Environment Variable</th>
      <th>Type</th>
      <th>Default</th>
      <th>Description</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td><code>TRILIUM_LOGGING_RETENTIONDAYS</code>
      </td>
      <td>integer</td>
      <td>90</td>
      <td>Number of days to retain log files</td>
    </tr>
  </tbody>
</table>

<h2>Alternative Environment Variables</h2>
<p>The following alternative environment variable names are also supported
  and work identically to their longer counterparts:</p>
<h3>Network CORS Variables</h3>
<ul>
  <li><code>TRILIUM_NETWORK_CORS_ALLOW_ORIGIN</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWORIGIN</code>)</li>
  <li><code>TRILIUM_NETWORK_CORS_ALLOW_METHODS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWMETHODS</code>)</li>
  <li><code>TRILIUM_NETWORK_CORS_ALLOW_HEADERS</code> (alternative to <code>TRILIUM_NETWORK_CORSALLOWHEADERS</code>)</li>
</ul>
<h3>Sync Variables</h3>
<ul>
  <li><code>TRILIUM_SYNC_SERVER_HOST</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERHOST</code>)</li>
  <li><code>TRILIUM_SYNC_SERVER_TIMEOUT</code> (alternative to <code>TRILIUM_SYNC_SYNCSERVERTIMEOUT</code>)</li>
  <li><code>TRILIUM_SYNC_SERVER_PROXY</code> (alternative to <code>TRILIUM_SYNC_SYNCPROXY</code>)</li>
</ul>
<h3>OAuth/MFA Variables</h3>
<ul>
  <li><code>TRILIUM_OAUTH_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL</code>)</li>
  <li><code>TRILIUM_OAUTH_CLIENT_ID</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTID</code>)</li>
  <li><code>TRILIUM_OAUTH_CLIENT_SECRET</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHCLIENTSECRET</code>)</li>
  <li><code>TRILIUM_OAUTH_ISSUER_BASE_URL</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERBASEURL</code>)</li>
  <li><code>TRILIUM_OAUTH_ISSUER_NAME</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERNAME</code>)</li>
  <li><code>TRILIUM_OAUTH_ISSUER_ICON</code> (alternative to <code>TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHISSUERICON</code>)</li>
</ul>
<h3>Logging Variables</h3>
<ul>
  <li><code>TRILIUM_LOGGING_RETENTION_DAYS</code> (alternative to <code>TRILIUM_LOGGING_RETENTIONDAYS</code>)</li>
</ul>
<h2>Boolean Values</h2>
<p>Boolean environment variables accept the following values:</p>
<ul>
  <li><strong>True</strong>: <code>"true"</code>, <code>"1"</code>, <code>1</code>
  </li>
  <li><strong>False</strong>: <code>"false"</code>, <code>"0"</code>, <code>0</code>
  </li>
  <li>Any other value defaults to <code>false</code>
  </li>
</ul>
<h2>Using Environment Variables</h2>
<p>Both naming patterns are fully supported and can be used interchangeably:</p>
<ul>
  <li>The longer format follows the section/key pattern for consistency with
    the INI file structure</li>
  <li>The shorter alternatives provide convenience for common configurations</li>
  <li>You can use whichever format you prefer - both are equally valid</li>
</ul>
<h2>Examples</h2>
<h3>Docker Compose Example</h3><pre><code class="language-text-x-yaml">services:
  trilium:
    image: triliumnext/trilium
    environment:
      # Using full format
      TRILIUM_GENERAL_INSTANCENAME: "My Trilium Instance"
      TRILIUM_NETWORK_PORT: "8080"
      TRILIUM_NETWORK_CORSALLOWORIGIN: "https://myapp.com"
      TRILIUM_SYNC_SYNCSERVERHOST: "https://sync.example.com"
      TRILIUM_MULTIFACTORAUTHENTICATION_OAUTHBASEURL: "https://auth.example.com"
      
      # Or using shorter alternatives (equally valid)
      # TRILIUM_NETWORK_CORS_ALLOW_ORIGIN: "https://myapp.com"
      # TRILIUM_SYNC_SERVER_HOST: "https://sync.example.com"
      # TRILIUM_OAUTH_BASE_URL: "https://auth.example.com"</code></pre>
<h3>Shell Export Example</h3><pre><code class="language-text-x-trilium-auto"># Using either format
export TRILIUM_GENERAL_NOAUTHENTICATION=false
export TRILIUM_NETWORK_HTTPS=true
export TRILIUM_NETWORK_CERTPATH=/path/to/cert.pem
export TRILIUM_NETWORK_KEYPATH=/path/to/key.pem
export TRILIUM_LOGGING_RETENTIONDAYS=30

# Start Trilium
npm start</code></pre>
<h2>config.ini Reference</h2>
<p>For the complete list of configuration options and their INI file format,
  please review the <a href="https://github.com/TriliumNext/Trilium/blob/main/apps/server/src/assets/config-sample.ini">config-sample.ini</a> file
  in the Trilium repository</p>